Not if the person is really thorough. But if all that's being done is
that something like SunOS nit is being used, there is a way: emit a packet
addressed to an Ethernet address not in use on that segment, but with
the suspect machine's IP address in the IP to-address field. Make it
something you can count on to draw a reply, like an ICMP echo request
("ping"). Then if the interface is promiscuous, the packet will be
picked up, the Ethernet code will blindly strip the Ethernet header and
kick it upstairs to IP, which will obediently reply to you.

Nope. I quote:

    if ((ifp->if_flags & IFF_PROMISC) &&
        (eh->ether_dhost[0] & 1) == 0 && /* !mcast and !bcast */
        bcmp(eh->ether_dhost, sc->sc_arpcom.ac_enaddr,
             sizeof(eh->ether_dhost)) != 0) {
            m_freem(m);
            return;
    }

Doing otherwise would be a *significant* performance hit.
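
A small C model of the receive-path decision the two posts disagree about, added here as an illustration and not part of either post or of any kernel source. The names `rx_decide`, `probe_draws_reply` and `sw_filter` and the MAC addresses are constructed assumptions; it shows that the probe only draws a reply from a promiscuous interface whose driver lacks the quoted check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6

/* Hypothetical outcome of the receive path for one frame. */
enum rx_result { RX_DROPPED, RX_TO_IP };

/*
 * sw_filter = true : driver applies the check quoted in the reply.
 * sw_filter = false: driver hands every delivered frame up to IP.
 */
enum rx_result
rx_decide(const uint8_t dhost[ETHER_ADDR_LEN],
          const uint8_t own[ETHER_ADDR_LEN],
          bool promisc, bool sw_filter)
{
    bool group = (dhost[0] & 1) != 0;   /* multicast or broadcast */
    bool mine = memcmp(dhost, own, ETHER_ADDR_LEN) == 0;

    /* Non-promiscuous hardware never delivers foreign unicast frames. */
    if (!promisc && !group && !mine)
        return RX_DROPPED;
    /* The quoted check: in promiscuous mode, drop foreign unicast. */
    if (sw_filter && promisc && !group && !mine)
        return RX_DROPPED;
    return RX_TO_IP;
}

/* Does the probe (unused unicast MAC, suspect's IP) draw a reply? */
bool
probe_draws_reply(bool promisc, bool sw_filter)
{
    static const uint8_t own[ETHER_ADDR_LEN]   = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
    static const uint8_t bogus[ETHER_ADDR_LEN] = {0x02, 0, 0, 0, 0, 0x99}; /* constructed */
    return rx_decide(bogus, own, promisc, sw_filter) == RX_TO_IP;
}

int
main(void)
{
    printf("promisc, no filter:   reply=%d\n", probe_draws_reply(true, false));
    printf("promisc, with filter: reply=%d\n", probe_draws_reply(true, true));
    printf("not promisc:          reply=%d\n", probe_draws_reply(false, false));
    return 0;
}
```

A silent probe therefore does not prove the interface is non-promiscuous: a stack with the check looks identical to an honest host.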